There’s a concerning thread over at WebHosting Talk about a user being charged ten bucks by GoDaddy for ostensibly having incorrect contact information in his domain name registration information, despite the user’s claims that all the information was correct. Someone from GoDaddy actually posted details, as well as information about the policy regarding the charges (that they only charge if incorrect information is actually found); nobody has been able to find the actual user agreement that states this, though, and the original user continues to insist that his information was correct and that GoDaddy has begun ignoring any of his attempts to contact them in an official way.

Given that there’s a new policy coming into effect tomorrow that makes it a lot easier to lose your domain names (via domain transfer requests by nefarious others) if your contact information isn’t perfectly correct, now might be a good time to hop onto your registrars’ websites and verify that everything is as it should be. Most registrars will also allow you to “lock” your registrations so that domain transfers cannot take place without you manually going to their site and reversing the lock — GoDaddy allows this, as does Register.com and even the hoary Network Solutions. When this lock is in place, no transfer request can go through at all (in theory), protecting you from illegitimate transfer requests even when you’re away from your email for more than five days.

I’m with the other Jason in saying that the new policy is supremely idiotic, if only for the incredibly short notification period that is destined to lead to some pretty major domain name losses over the coming months. (After all, it’s reasonably hard to guarantee that you see and trust every single email that’s sent to the address in your registration records, given that this email address sits out there in public and manages to attract metric tons of spam, viruses, and phishing attempts!) And in reading the actual text of the policy, it seems that there’s a window created for registrars who want to side with consumers rather than ICANN and refuse to automatically grant transfers after five days — but that’s my non-legal read of it, which I’m not so sure I’d trust. Nonetheless, it’ll be interesting to see if any registrars become consumer-friendly in this regard.

(If you’re interested, links to the actual ICANN policy, with quotes of the relevant sections, are available in the extended version of this post.)

The new ICANN policy is the Policy on Transfer of Registrations between Registrars, and the bit you want to look for is section A.3. This reads, in part:

The [transfer authorization form] should be sent by the Registrar of Record to the Transfer Contact as soon as operationally possible, but must be sent not later than twenty-four (24) hours after receiving the transfer request from the Registry Operator.

Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default “approval” of the transfer.

In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed.

As for the important bits when it comes to domain transfer locks, you’ll find that in the same section:

Upon denying a transfer request for any of the following reasons, the Registrar of Record must provide the Registered Name Holder and the potential Gaining Registrar with the reason for denial. The Registrar of Record may deny a transfer request only in the following specific instances: … 6. Express written objection to the transfer from the Transfer Contact. (e.g. - email, fax, paper document or other processes by which the Transfer Contact has expressly and voluntarily objected through opt-in means) 7. A domain name was already in “lock status” provided that the Registrar provides a readily accessible and reasonable means for the Registered Name Holder to remove the lock status.

Number seven provides the protection of a domain lock; number six seems to be where registrars could modify their terms of service when you sign up, with an automatic opt-in clause objecting to transfers being performed in less than one or two months’ time.

Comments

Dan Halloran, Registrar Liason for ICANN, has been going around to the blogs linking to the NetCraft story and posting comments saying the change is being misreported as too-easy ownership transfer, when in actuality it’s registrar transfer. I presume this means ownership information does not change by this action, only the Registrar of Record.

I’m not convinced this correction makes everything OK again. It seems like anyone can be a registrar, make themselves the RoR of a domain, then forge an ownership change request. But I suppose then the usual dispute mechanisms can come into play, assuming your ownership contact info is accurate. According to Halloran (and the ICANN announcements), this favors the owner in enabling domain portability, like number portability in cell phones.

Any thoughts?

• Posted by: Dan S. [TypeKey Profile Page] on Nov 13, 2004, 1:41 PM

This story made me go update my phone nukmber from all zeos to my cell phone number, which I can only hope is telemarketer-proof since I know it’s a fact that telemarketers purge their lists of cell phone numbers for fear of being sued by irate cell phone owners who claim all their minutes are being used up by incoming phone calls from sleazy companies.

Didn’y stop SprintPCS from calling my east cost number at 6:00 AM PST when I was on the west coast, waking me up in my hotel room only to have me bitch them out for calling me so early (They assumed I was on east coast time). They apologized but it just shouldn’t happen. Cell phone carriers need to be good social citizens and not abuse their customers.

• Posted by: Cameron Barrett on Nov 15, 2004, 12:28 AM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!